[PATCH v2 2/3] mmc: sdio: fix possible memory leak in sdio_init_func()

If it fails in sdio_init_func(), sdio_remove_func() cannot
free the memory that was allocated in sdio_alloc_func(), because
sdio_add_func() has not been called yet, the sdio function is not
present and sdio_remove_func() will return directly.

In this error path, we cannot call put_device() to free the
memory in sdio_release_func(), because sdio_read_func_cis()
may fail, then sdio_free_func_cis() is called in the release()
function, which could put a reference that has not
been got.

So fix these leaks by calling kfree() instead of sdio_remove_func()
in the error path.

Fixes: 3d10a1ba0d37 ("sdio: fix reference counting in sdio_remove_func()")
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Signed-off-by: Yang Yingliang <yangyingliang@xxxxxxxxxx>
---
 drivers/mmc/core/sdio.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/drivers/mmc/core/sdio.c b/drivers/mmc/core/sdio.c
index f64b9ac76a5c..f314224b362b 100644
--- a/drivers/mmc/core/sdio.c
+++ b/drivers/mmc/core/sdio.c
@@ -133,11 +133,8 @@ static int sdio_init_func(struct mmc_card *card, unsigned int fn)
 	return 0;
 
 fail:
-	/*
-	 * It is okay to remove the function here even though we hold
-	 * the host lock as we haven't registered the device yet.
-	 */
-	sdio_remove_func(func);
+	kfree(func->tmpbuf);
+	kfree(func);
 	return ret;
 }
 
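Review bot: the two kfree() calls under fail: open-code the teardown of whatever sdio_alloc_func() set up and bypass the release callback the commit message names (sdio_release_func()), so this path silently leaks again if the allocation side ever gains another buffer, and it is only correct if nothing reaching fail: has taken state beyond func and func->tmpbuf. The hunk does not show which failures jump to fail:, so please confirm none of them happens after sdio_read_func_cis() has succeeded, since the CIS data it obtained would not be released by these two lines. The removed comment is also not replaced: a short comment at fail: saying why put_device() cannot be used here (release() would call sdio_free_func_cis() and put a reference that was never taken) would stop someone from "fixing" this back later. An alternative worth considering is to make release() tolerate a function whose CIS was never read, so the error path can use put_device() and keep one teardown routine.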
-- 
2.25.1



